Lucene search
+L

51 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:3 a.m.8 views

CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS6.9AI score0.00652EPSS
Exploits0References1
NVD
NVD
added 2025/01/25 2:15 a.m.15 views

CVE-2025-0357

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS0.01061EPSS
Exploits0References2
CVE
CVE
added 2025/01/25 1:44 a.m.80 views

CVE-2025-0357

The CVE-2025-0357 entry concerns the WordPress WPBookit plugin (versions up to 1.6.9). The underlying issue is insufficient file type validation in the function WPB_Profile_controller::handle_image_upload, permitting unauthenticated arbitrary file uploads on affected sites and potentially enablin...

9.8CVSS8AI score0.01061EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/25 1:44 a.m.25 views

CVE-2025-0357 WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS0.01061EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/25 1:44 a.m.8 views

CVE-2025-0357 WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS9.9AI score0.01061EPSS
Exploits0References2
NVD
NVD
added 2025/01/09 8:15 p.m.13 views

CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.00652EPSS
Exploits0References2
CVE
CVE
added 2025/01/09 7:21 p.m.59 views

CVE-2024-10215

The CVE-2024-10215 entry concerns the WPBookit WordPress plugin (versions up to and including 1.6.4). The root cause is that the plugin exposes user-controlled access to objects, allowing unauthorized users to bypass authorization and change passwords. The practical impact is that unauthenticated...

9.8CVSS9.4AI score0.00652EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/09 7:21 p.m.11 views

CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS7.1AI score0.00652EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/09 7:21 p.m.19 views

CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.00652EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-1579 · WordPress · Wpbookit

Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.6.4 Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change. This is due to the plugin providing user-controlled access to objects, letting ...

9.8CVSS9.4AI score0.00652EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/12/16 3:43 p.m.15 views

CVE-2024-54280 WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0...

9.3CVSS7.9AI score0.00609EPSS
Exploits0References1
Rows per page
Query Builder